fighting the lack of good ideas
You may have heard of the recently-discovered/-published TLStorm vulnerability that affects – at least – APC SmartUPS devices. One of the prime issues highlighted is the embedded nanoSSL library that APC has used on these systems. If you want to find out if your system is affected, the following nmap except should start you towards…
continue “on using nmap to help find tlstorm-affected devices” »
After a friend of mine told me he wanted to deploy Jitsi on my main webserver, and me saying “sure”, I decided I wanted to get it up and running on a new server both so I knew how to do it, and to avoid the latency issues of videoconferencing from central North America to…
continue “basic dockerized jitsi deployment with an apache reverse proxy on centos” »
I noticed I haven’t updated my previous post on keeping my Let’s Encrypt certs updated since building-out a couple new servers. systemctl stop httpd.service /bin/certbot renew –preferred-challenges http-01,dns-01 –must-staple systemctl start httpd.service systemctl restart postfix Not a big change, but one worth making If you haven’t installed certbot yet, you should
Qualys – https://www.ssllabs.com/ssltest High-Tech Bridge – https://www.htbridge.com/ssl Comodo – https://sslanalyzer.comodoca.com SSL Checker – https://www.sslchecker.com/sslchecker
Last year I posted a simple script for keeping your Let’s Encrypt SSL certificates current. In conjunction with my last post sharing the “best” SSL configs you can use with Apache on CentOS, here is the current state of the cron’d renewal script I use. systemctl stop httpd.service systemctl stop postfix ~/letsencrypt/letsencrypt-auto -t -n –agree-tos –keep…
continue “update: keeping your let’s encrypt certs up-to-date” »
In follow-up to previous posts I’ve had about SSL (specifically with Let’s Encrypt), here is the set of SSL configurations I use with all my sites. These, if used correctly, should score you an “A+” with no warnings from ssllabs.com. Note: I have an improved entropy package installed (twuewand). This is adapted from the Mozilla config…
continue “ssl configuration for apache 2.4 on centos 7 with let’s encrypt” »
After moving to a new server, I wanted to finally get ownCloud up and running (over SSL, of course) on it. And I like subdomains for different services, so I wanted to put it at sub.domain.tld. This turns out to be not as straight-forward as one might otherwise hope, sadly – ownCloud expects to be…
continue “putting owncloud 8 on a subdomain instead of a subdirectory on centos 7” »